Effective since: August 22, 2024 | See previous version
This Privacy Policy (“Policy”) applies between you and Snovio Inc. (“Snovio”, “Company”, “we”, “us”, “our”), the owner and provider of this website https://snov.io/ (“Site”), web application Snov.io, API methods available by api.snov.io hostname (collectively the “Platform”). This Policy applies to our use of any personal data processed by us in relation to the provision of our services and products and your use of the Platform.
When processing your personal data Snovio can play different roles under the GDPR and other applicable laws and regulations. Depending on the factual circumstances of the processing, we may act as a data controller, joint controller or data processor under the GDPR and business and service provider under the CCPA respectively.
You can be our website visitor, client, prospect, or related person:
When you submit your personal data as a client through our Platform, you may be asked to consent to our processing of the personal data you provide as explained in this Policy to enable us to provide you with the information or service requested, if no other legal ground can be used.
We use the following definitions in this Policy:
“data controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is processed.
“data processor” means the natural or legal person who processes personal data on behalf of the data controller.
“joint controllers” means two or more controllers jointly determining the purposes and means of processing.
“data subject” is a natural person about whom Snovio holds personal data.
“personal data” means any information relating to you and helping identify you (directly or indirectly) such as your name, last name, email, location data, etc.
“processing” means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“services” means sourcing, lead generation and sales automation services provided by the Company via online platform and web application.
We collect three basic types of information about you in connection with our services: client and website visitor data, prospect data, and business data which relate to clients, website visitors, prospects, and related persons respectively. In particular, we collect:
Client and website visitor data:
(a) Registration Information. When you create an account on the Platform, we collect the following required information about you: email address, first and last names, and phone number. You must enter the above information yourself to create an account unless we receive such information (except phone number) about you from the Gmail authentication token when you choose to sign up using the ‘Sign In with Google’ button.
When you register an account, the Platform creates a unique identifier (user ID) to facilitate your identification on the Platform.
(b) Authentication Token Information. When you create an account on the Platform through the ‘Sign In with Google’ button, we collect encrypted Gmail authentication token obtained from Google LLC. We can obtain the following information about you via such a token: first and last names, email address, language settings.
(c) Automatically Collected Information. When you create an account, we collect certain information about you and your device automatically, including, IP Address, referral link, registration date, account balance information, language, and browser type. We may also collect some information about your activity on the Platform, such as the time you purchased a subscription or renewed your plan, the progress in completing gamification tasks, and any other actions taken while using our services.
(d) Workplace Information. When you create an account on the Platform, we collect some general information about your workplace and the purpose for using our Platform so that we can develop and optimize our Platform to meet the needs of our customers. Collecting workplace information allows us to know specifically who the processing agent is in order to expedite communication, e.g. in the event we receive a request from a data subject. Such information includes your company name, approximate company size, your occupation and purpose for using our Platform.
(e) Payment Information. If you order services from us, you will need to provide certain personal details, including payment information, so the order can be fulfilled. This information includes your identifier (client and order), email address, IP address, phone number, first and last names, country code, address (city, state, zip code), company name, card type, last 4 digits of the card number, user agent and browser language data, name of payment processor and may be used to prevent fraudulent chargebacks.
In order to obtain payment from you, we will use or direct you to a third-party payment processor who will collect this information from you and process your payment. Please note that a third-party payment processor is responsible for all collection, processing, and storage of your financial information and we do not have direct access to or possession of your payment card information (except the four last digits of the card number) or banking information.
(f) Google User Data. Email address of the integrated Gmail account, the access token, or identifiers for 1) drafts and messages sent via features (such as Remind Me and Send Later) of Unlimited Email Tracker for Gmail, 2) emails sent via campaigns and/or GBlast, 3) all inbox emails with all text information, attaches and images, received as answer to emails sent via campaigns, 4) synchronization of Google Calendar with Snovio CRM service.
(g) Connected Accounts Data. We can collect information related to your email or social media account when you connect (add) an email sender account or social media account in the settings of your account in order to use Drip Campaigns or Email Warm-Up services. This data may include login credentials of the connected account (login and password) and the following information for the social media accounts: a country, a city, and a temporary code.
The added email can also be used as part of Domain Health functionality. In this case, Snovio can send automated emails with no content from added emails to enhance its services and allow clients to access the results of domain health assessment.
(h) Drip Campaigns Data. Information regarding the Drip Campaigns services sent by the clients: email addresses added to drip campaign recipients, settings for the purposes of sending the email drip campaigns, replies to campaign emails, a timeline of these campaign actions, identifiers of sent and received emails, content of emails, information on the email recipient, the tracking status of sent emails for statistics.
To provide our services, when the client sends a message via the LI Touch functionality to another individual (recipient), we can collect the recipient's full name, country of residence, link to the recipient's social media account, and message content.
(i) Email Warm-Up Campaigns Data. Information regarding clients’ use of the Email Warm-Up services, i.e. how many emails were sent, received, and found in the ‘spam/junk’ section of your email account during your email warm-up campaign. Email Warm-Up services are not provided for Gmail (Google) accounts. Therefore, Email Warm-Up Campaigns Data cannot include any data obtained from clients’ Gmail (Google) accounts.
(j) Unlimited Email Tracker Data. Information regarding clients’ use of the Unlimited Email Tracker extension, i.e. message ID, subject, sender, and recipient of an email.
(k) Integrations API Information. Clients’ API tokens, which are necessary to integrate your account (giving our Platform access to a third-party platform API) with other third-party services, including CRM, collaboration tools, forms, customer support platforms, such as Calendly, Pipedrive, Zapier.
(l) Email AI Data. We can collect a client's personal data when the client uses our Email AI feature to write, edit the email text (including the email tone and language), and/or generate the email subject line according to the provided information. This data may include the input text content, generated text content, client's evaluation with additional comments, email block and company ID, user ID, and pricing plan ID.
(m) Push Notifications Information. If you have enabled push notifications on our website, we can provide you with push notifications about opening an email sent, engaging with a designated link within an email sent, and receiving a reply for the email sent, depending on what event notifications you have selected. In this case, we can collect certain information regarding the selected event notifications and details about your browser's permission to receive these notifications.
(n) Contact Information. We can collect some personal data when you submit your personal information via the Site’s online chat or other forms to contact, such as to book a call, provide feedback on our Platform, subscribe to updates, or join our affiliate program. Such data may include name, email address, phone number, job position, message, and other information you may provide us via available contact options.
(o) Cookies Information. On our Site, we use cookies and other tracking technologies for a variety of purposes: for analytics, marketing activities, remembering your preferences, and other purposes. Such use may involve the transmission of information from us to you and from you to a third party website or us. To learn more regarding our use of cookies please see our Cookie Policy.
The Company may have admin access to any data available in the client's account in cases when the client applies for customer and/or technical support or for the purposes of ensuring availability and accessibility of account and/or preventing bugs. In this case, Registration Information and Automatically Collected Information can be processed.
Prospect data:
(p) Prospect Data. We collect and process third-party personal data (mainly information related to data subject’s business interests or occupation) that has been provided to us by the client manually, via integrations, or generated/collected through Snovio’s tools (Email Finder, LI Prospect Finder, Database Search, Single Email Search, Bulk Email Search, Domain Search, Bulk Domain Search, Company Profile Search). Such information can include email address and/or first name, last name, corporate email, location (not precise), industry, current and previous position, place of work, links to social media and client’s notes about a particular prospect.
(q) CRM Data. We process prospect data and any other personal data provided to us by our client within the Snovio CRM service, information used in ‘Deals’ and ‘Tasks’ features of CRM.
(r) Synchronized Data. We can process third-party personal data (stored in client’s Hubspot or Pipedrive account) that has been provided to us by the client when the client decides to integrate their HubSpot or Pipedrive account with our platform and subsequently share with us the information stored in their HubSpot or Pipedrive account.
Business data:
(s) Business Data. We collect and process business information such as company name, location, website, HQ phone, year of foundation, industry, company size, and company social media. In some cases, this information may include personal data, for example, individual name and/or surname as a company name (such as a partnership), contained in the website URL, or phone number of the related person published as a general business number.
We use the personal data we collected and the personal data you provided us with or requested us to collect only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.
We DO NOT sell your data. We DO NOT use automated decision-making and profiling. |
We DO NOT intentionally collect and process the personal data of children or any sensitive personal data. Please, refrain from sharing your or third-party sensitive personal data |
We collect and process your personal data or the personal data you provided us with in accordance with the provisions of the GDPR and other applicable laws.
GDPR provides an exclusive list of lawful bases allowing us to process the personal data. During the personal data processing, we rely only on four of them, namely:
Article 6.1(a): consent
We collect the information you choose to give us, and we process it with your consent. We require the minimum amount of your personal data that is necessary to notify you about our services and products (for example, send you a newsletter or offer).
You may withdraw your consent to the processing of your personal data at any time. Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful.
You may withdraw the consent to the processing of your personal data by sending us an email at help@snov.io, a message via the Site’s online chat form or by contacting us in any other way convenient for you.
Article 6.1(f): legitimate interests
We can process prospect data and business data based on our, your and your potential business partner’s legitimate interests, namely to:
You may read more about it in Snovio’s Joint Controllership Agreement.
We use only strictly necessary data that was subject to the legitimate interest assessment procedure.
Article 6.1(b): performance of a contract
When you provide us with the personal data during the registration of the account on the Platform, insert requested payment information to purchase services; this can be deemed as your request to form a contract or to perform a contract between you and us. However, we may ask you to give us clear consent in case of doubt.
Article 6.1(c): legal obligation
We process your personal data to fulfill the applicable legal obligations arising mainly under the GDPR. If you send us the request to fulfill the rights granted by the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.
When acting as a data controller, we use your personal data for the purposes listed in the table below where we also detail the type of personal data processed, legal bases we rely on to do so, third parties with whom we may share your personal data and information as to the source of such data:
Purposes | Type of personal data | Legal grounds | Third parties recipients | Source |
---|---|---|---|---|
Creating an account on the Platform | (a) Registration Information (b) Authentication Token Information (c) Automatically collected Information (d) Workplace Information | Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client, Google LLC |
Maintenance of the account on the Platform (including ensuring availability and accessibility of account and preventing bugs) | (a) Registration Information (b) Authentication Token Information (c) Automatically collected Information | Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client, Google LLC |
Communication with clients and website visitors (to resolve general queries, concerns, or complaints, any other issues, or to send reports on the services performed) | (a) Registration Information (n) Contact Information (c) Automatically collected Information | Performance of a contract (Article 6(1)(b)) Your consent (Article 6(1)(a)) | AWS, Hotjar, Crisp, Google Workspace, Sendgrid, Calendly, Contractors | Client, Website visitor |
Analytics & Developing (for understanding, optimizing, and improving our Platform) | (c) Automatically collected Information (d) Workplace Information (n) Contact Information (o) Cookies Information | Your consent (Article 6(1)(a)) Our legitimate interest (Article 6(1)(f)) | Hotjar, Google Analytics, Google Workspace, Amplitude, Prove Source, Contractors | Client, Website visitor |
Marketing (to suggest and notify you about the services and products of the Company and conduct other marketing activities) | (a) Registration Information (n) Contact Information (o) Cookies Information | Your consent (Article 6(1)(a)) | CRM Pipedrive, SendPulse, AnnounceKit, Facebook, Google LLC, Contractors | Client, Website visitor, Facebook |
Processing of Payments | (e) Payment Information | Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client, 2Checkout, FastSpring |
Fraud Prevention (including chargeback fraud) | (a) Registration Information (c) Automatically collected Information (e) Payment Information (j) Unlimited Email Tracker Data (o) Cookies Information | Our legitimate interest (Article 6(1)(f)) | AWS, IP Quality Score, Contractors | Client, Website visitor, 2Checkout, FastSpring |
Maintenance of Snov.io Affiliate Program | (n) Contact Information (name and email address) | Performance of a contract (Article 6(1)(b)) | Contractors | Client, First Promoter |
Enabling email sending through the Platform on the client’s behalf, track the replies to messages sent through the Platform and/or GBlast, enable the ‘Remind Me’ and ‘Send Later features’ of Unlimited Email Tracker | (f) Google User Data | Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client, Google API |
Providing Drip Campaigns services (including LI Touch functionality) to clients | (f) Google User Data (g) Connected Accounts Data (h) Drip Campaigns Data | Performance of a contract (Article 6(1)(b)) | AWS, SendPulse, Contractors | Client, Google API, Snovio tools and extension |
Providing Email Warm-Up Campaigns services to clients | (g) Connected Accounts Data (i) Email Warm-Up Campaigns Data | Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client |
Performance of Domain Health functionality | (g) Connected Accounts Data (email only) | Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client |
Providing other services, including synchronization Google Calendar with Snovio CRM service, to clients and ensure the proper operation of the Platform | (f) Google User Data | Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client, Google API (including Google Calendar API) |
Enabling clients to integrate their accounts on the Platform with other services | (k) Integrations API Information | Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Client, Third-party API (Calendly, Pipedrive, Zapier, etc.) |
Maintenance of a database of contact information of potential customers or business partners to assist our clients in finding prospects according to the set search criteria | (p) Prospect Data (s) Business Data | Legitimate interests of Company, clients, and such third parties (Article 6(1)(f)). | AWS, Contractors | Clients, Snovio tools and extensions |
Providing clients with the Email AI feature and further enhancing the performance of the feature | (l) Email AI Data | Performance of a contract (Article 6(1)(b)) Our legitimate interest (Article 6(1)(f)) | OpenAI, AWS, Contractors | Clients |
Informing clients about the selected events via push notifications | (c) Automatically Collected Information (m) Push Notifications Information | Performance of a contract (Article 6(1)(b)) | AWS, Contractors | Clients |
Complying with the law or legal process | (a) Registration Information (b) Authentication Token Information (c) Automatically collected Information (d) Workplace Information (e) Payment Information (f) Google User Data (g) Connected Accounts Data (h) Drip Campaigns Data (i) Email Warm-Up Campaigns Data (j) Unlimited Email Tracker Data (k) Integrations API Information (l) Email AI Data (m) Push Notifications Information (n) Contact Information (o) Cookies Information (p) Prospect data (q) CRM Data (r) Synchronized Data (s) Business data | Legal obligation (Article 6(1)(c)) Our legitimate interest (Article 6(1)(f)) | AWS, Hotjar, Google Workspace, Google Analytics, Sendgrid, Crisp, Amplitude, Prove Source, CRM Pipedrive, SendPulse, IP Quality Score, Contractors | Client, Google LLC, Facebook, 2CheckOut, FastSpring, Third-party API, Snovio tools and extensions |
We also process certain personal data as a data processor, at the request and pursuant to the instructions given by the respective user of our Platform (data controller in that case). Please note that we can process certain personal data when you use or access our services, tools, and extensions, or synchronize data about contacts stored in your HubSpot or Pipedrive account with Prospect and Business data in your Snovio account. You can read more in the ‘SNOVIO EXTENSIONS AND INTEGRATIONS’ section of this Policy. We describe several possible situations where we can act as a data processor in the table below:
Purposes | Type of personal data | Legal grounds | Third parties recipients | Source |
---|---|---|---|---|
Providing our clients with the services and tools for searching personal data of potential customers or business partners | (p) Prospect data (s) Business data | Determined by the respective data controller, namely, the Client. | AWS, Contractors | Client, Snovio tools and extensions |
Providing our clients with the services regarding verification of email addresses | (p) Prospect data (only Email addresses) | Performance of a contract (Article 6(1)(b)). | AWS, Contractors | Client |
To provide CRM services to clients (operate, group and structure the Prospect data and other information used in the ‘Deals’ and ‘Tasks’ features of CRM) | (q) CRM Data | Performance of a contract (Article 6(1)(b)). | AWS, Contractors | Client |
Providing our clients with the possibility to integrate their account of another platform with our platform to combine the functionalities of multiple platforms | (p) Prospect data (r) Synchronized data (s) Business data | Performance of a contract (Article 6(1)(b)). | AWS, HubSpot, Pipedrive, Contractors | Client, HubSpot, Pipedrive |
Providing our clients with the Drip Campaigns services (including LI Touch functionality) | (h) Drip Campaigns Data (p) Prospect data | Performance of a contract (Article 6(1)(b)). | AWS, Contractors | Client, Snovio tools and extensions |
In some situations, we can act as joint controllers with our clients. When we act as a joint controller jointly with you, Joint Controllership Agreement shall be applicable to you. In such a case, we may process the following personal data:
Purposes | Type of personal data | Legal grounds | Third parties recipients | Source |
---|---|---|---|---|
Providing our clients with the services and tools for searching personal data of potential customers or business partners | (p) Prospect data (s) Business data | Legitimate interests of Company, clients, and such third parties (Article 6(1)(f)). | AWS, Contractors | Client, Snovio tools and extensions |
IMPORTANT: Snovio's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
We analyze all new email in your Inbox using automated algorithms and, in the event they received as answer to emails sent via campaigns and single send email option, we will store them (with all text information, attaches and images) and record the results of the analysis to provide accurate campaign functioning, campaign statistics, demonstrate the content of the emails to the user (to which Snovio does not have access), and ensure operability of the Remind Me feature in case the sent email receives no reply.
We do not access your Sent emails through your Gmail account. We use access to draft sending in your Gmail account to ensure the operability of the Send Later feature.
We may add a tracking pixel to the body of emails sent through our service to track email opens and wrap your links with tracking domain to track link clicks. We use the data acquired through these tracking methods to maintain email campaign operability and provide campaign reports.
You may revoke Snovio’s access to your Gmail account in the Account’s settings page here. If you decide to do so, we will lose access to your Gmail account and will no longer be able to provide you campaign sending services through Gmail API.
We delete all data collected from your Gmail account upon request.
Not all Google User Data may contain personal data. Some statistical data will be anonymized.
With regard to the access to Google User Data as specified above, we will:
You may use our extensions, namely Email Finder, Li Prospect Finder, Unlimited Email Tracker, Email Verifier, and Web Technology Checker to facilitate your email campaigns to your potential business partners.
Email Finder and LI Prospect Finder
To use the extensions, you need to be registered at and logged into app.snov.io. Upon installation and activation of the extensions, the extensions may collect personal information such as email addresses and business profiles from publicly available sources. Handling and storing of this information in your account on your behalf occurs only at your request. At the same time, we may store certain information obtained when you use the LI Prospect Finder extension such as business profiles you visited. This data is stored in our database and can be found through a search inside the Platform.
If you do not want your personal data to be included as part of our service, you may opt-out by contacting us at help@snov.io or opt-out from all mailing lists on the Platform through this form. You can read more in the ‘HOW TO DELETE MY DATA’ section of this Policy.
Unlimited Email Tracker
The extension may require authorization in our web application (app.snov.io). Additionally, to use the Send Later and Remind Me features you must allow Snovio to access your Google account. You can learn more about how Snovio uses your Google data in the ‘GOOGLE USER DATA’ section of this Policy.
You can send emails through your usual Gmail interface and Unlimited Email Tracker extension will provide tracking information. We’ll let you know if we think your emails have been opened and how many times. We store the subject and message ID of emails for the open notifications only. We use them for tracking, as well as to enable the ‘Send Later’ and ‘Remind Me’ features. We store message ID, subject, sender, and recipient of an email for fraud prevention purposes within the period specified in ‘DATA SECURITY, INTEGRITY, AND RETENTION’ section of this Policy.
Email Verifier
To use the extension, you need to be registered at and logged into app.snov.io. The extension may collect email addresses from the websites you visit. We store the data only upon your request, and only if you click the "Save" button.
Website Technology Checker
To use the extension, you don't need to be registered at or logged into app.snov.io. This extension collects the information about websites using specific web technologies (non-personal data). We only store domains from visited websites to help us provide a better user experience.
Depending on your device and OS version, we have to request you to approve certain permissions for collection and processing of your personal data to enable the operation of the Email Finder, Li Prospect Finder, Unlimited Email Tracker, Email Verifier and Web Technology Checker extensions. Below is a list of such permissions and information explaining why our extensions ask for them:
Type of permissions required by the extensions and purposes of their collection/processing | Legal grounds | Third Parties recipients | Extension |
---|---|---|---|
"tabs" is using the chrome.tabs API (getting bookmark links, creating new tabs with our link, reloading open pages of app.snov.io); "http: // * /", - access to all sites to get page content (alternative to all_urls); "https: // * /", - access to all sites to get page content (alternative to all_urls); "cookies", - session recovery via cookies from app.snov.io; "notifications", - to show push notifications (completion of background tasks); "webRequest", - for automated information collected from web pages without direct opening of the pages by the user; "contextMenus" - to create a new item 'Background tasks' in the context menu of the extension. | Your consent (Article 6(1)(a)); | AWS, MongoDB | Email Finder |
"*: //*.snov.io/*", - access to our pages and API; "https://mail.google.com/*", - access to Gmail pages; "tabs" - for using the chrome.tabs API (getting bookmark links, creating new tabs with our link, reloading open Gmail pages); "cookies", - session recovery via cookies from app.snov.io; "storage", - we store the activation settings of the tracker in the synchronized storage (if it's activated on one computer, then the settings are synchronized on others via Google account); "notifications" - push notifications; "gcm" - to transfer data from the server to the client, needed to show push notifications; "scripting" - is used to execute the script in the tab; "alarms" - this allows the user to set a timer for sending the email or to send it later automatically at a time specified by the user. | Your consent (Article 6(1)(a)); | AWS, MongoDB | Unlimited Email Tracker |
"tabs", - for using chrome.tabs API (getting bookmark links, creating new tabs with our link); "http: // * /", "https://*/"- access to all sites to receive page content, for email search on pages (alternative to all_urls); "cookies", - session recovery via cookies from app.snov.io; "storage", - storage of found emails lists; "unlimitedStorage", removes the limit on the number of emails stored in the Сhrome storage; "notifications" - push notifications after the email verification is completed. | Your consent (Article 6(1)(a)); | AWS, MongoDB | Email Verifier |
"storage", - for storing settings and found technologies; "tabs", - for using chrome.tabs API; "webRequest", - to access the chrome.webRequest API functions for reading of the HTTP headers to identify the technologies used; "http: // * / *", - access to all sites to get page content; "https://*/*", - access to all sites to get page content; "cookies" - session recovery via cookies from app.snov.io, as well as to determine the technologies used. | Your consent (Article 6(1)(a)); | AWS, MongoDB | Website Technology Checker |
Third-Party Integrations
On our Platform we enable users to use our integration with HubSpot or Pipedrive service to synchronize Prospect and Business data from their Snovio account with data about contacts stored in their HubSpot or Pipedrive account. When you integrate your HubSpot or Pipedrive account with our Platform, the data is transferred from your Snovio account to the HubSpot or Pipedrive account and from the Hubspot or Pipedrive account to your Snovio account in order to synchronize data between both platforms.
By enabling third-party integration, you potentially allow the third-party platform to access your data. We highly recommend reviewing the privacy practices implemented by the third-party services before enabling any integrations with them. You may read HubSpot’s Privacy Policy here and Pipedrive’s Privacy Notice here.
Email AI (Integration with OpenAI API)
The clients can use Email AI feature to write and edit the email text (including the email tone and language) and/or generate the email subject line according to the provided information. We use OpenAI's API to provide clients with the Email AI feature, available to fee-based plans. The Email AI feature is available by default, but the client can deactivate it on any occasion.
When the client uses the Email AI feature, we will transmit the client email's textual content to OpenAI to generate or edit the text and/or subject line according to the provided information. Be aware the generated email text and/or email subject line may occasionally be inaccurate due to the nature of machine learning. The client is solely responsible for reviewing the generated text and/or subject line.
Please note, Snovio and OpenAI may retain the information you provide us with while using the Email AI feature for a limited period of time. You can learn more about how long your Email AI data is stored and processed below in the ‘DATA SECURITY, INTEGRITY, AND RETENTION’ section of this Policy.
We highly recommend reviewing the privacy practices implemented by OpenAI before using the Email AI feature. You may read OpenAI Sharing & publication policy, OpenAI API data usage policies and Open AI Usage policies.
We store and process your personal data until we do not need it for any of the purposes defined in this Policy unless longer storage is required or expressly permitted by law.
We store Registration Information for the entire period when you use our services and for 1 month after the termination of your account on the Platform.
We store Payment Information you have provided us with for the entire period when clients use our services subject to partial deletion and partial anonymization thereafter.
We store Cookie Information for the period specified in our Cookie Policy.
We store Prospect Information provided to us by you manually or via Email Search services, excluding email addresses, for the entire period when you use our services and 3 months after the deletion of your account on the Platform. In any case, such information can be deleted if we obtain a deletion request from a prospect.
We store CRM Data, including personal data contained in the deals and tasks, for 90 days either after the deletion of the specific deal or task where such data has been processed or after the deletion of your account on the platform.
We store Email AI Data for 60 days after you have provided this data for us using the Email AI feature. Please note that while our service provider OpenAI states it does not use API data to train OpenAI models or improve OpenAI’s service offering by default, it may store data generated by the service for abuse and monitoring purposes for the period established in OpenAI API data usage policies (for up to 30 days at the moment of updating our Privacy Policy).
We store Authentication Token Information, Google User Data, Drip Campaigns Data, Integrations API Information for the period established by a third party who provided us with such information.
We store Unlimited Email Tracker Data for 60 days after the relevant email was delivered.
We may not delete or anonymize your data if we are compelled to keep it to comply with the law or legal process.
Notwithstanding any of the aforementioned periods of data storage, you may request to delete your personal data by sending us an email at help@snov.io or contacting us in another way convenient for you.
We have implemented appropriate organizational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.
We may share your personal data as a data controller with joint controllers, other controllers, and data processors in accordance with provisions specified hereafter.
Sharing personal data with joint controllers (other controllers)
We act as the joint controller while cooperating with Facebook (Meta Platforms Ireland Limited). With respect to this case of personal data processing, we are the party to the Facebook Controller Addendum. Namely, Meta Platforms Ireland Limited and we act as joint controllers with regard to:
Likewise, we act as joint controllers during the provision of our services to the clients. You may read more about it in Snovio’s Joint Controllership Agreement.
When we act as a joint controller for particular processing of personal data, a data subject may exercise his/her rights under the GDPR in respect of and against both joint controllers.
Google LLC and we act as independent controllers of personal data across Google LLC’s digital marketing services such as Google DoubleClick Digital Marketing and Google AdWords. To learn more, please visit our Cookie Policy.
There are many features necessary to provide you with our services that we cannot complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services. We have established supplier assessment procedures to ensure we choose trusted partners who provide appropriate security measures and safeguards.
Therefore, we may share and disclose your personal data to other data processors:
We may transfer your personal data to countries outside the EU and EEA (for example, Ukraine, China, and Brazil) that are not determined to offer an adequate level of data protection on the basis of Article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.
We only transfer your personal data to third parties within requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where the Contractor has an appropriate data processing agreement in place, Snovio may adjoin such a data processing agreement. If so, Snovio and the Contractor may regulate the transfer of the personal data to such Contractor by means of this data processing agreement.
Snovio had adjoined the publicly available data processing agreements of the following Contractors:
Our Platform may contain links that direct you to other websites or services whose privacy practices may differ from ours. Snovio can incorporate links to third-party websites or post YouTube videos with information about Snovio’s services within its articles posted on Snovio’s Blog, in Knowledgebase, Glossary or other sections of the Site, or supply you with such links when communicating with you.
Please note that if you provide any information to these third-party websites or services, their privacy policies, notices, or statements will govern your data, not this Privacy Policy. We encourage you to carefully review the privacy policies, notices, or statements of any website you visit. We have no control over and assume no responsibility for third-party websites or services' content, privacy policies or practices.
For transfers to countries that do not fall under the requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to other third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.
We disclose your personal data to the countries outside the EU and the EEA, in compliance with our internal International Transfer Procedure in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.
We put supplementary technical and organizational measures in place when transferring data outside the EU and the EEA. e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.
We undertake the best possible efforts to secure the processing of personal data belonging to the underage. Therefore, the Platform does not knowingly collect personal data from persons under the age of 13.
By registering on the Platform and entering into the contract with the Company, you acknowledge that you have reached the age of 13 and under the laws of your country of residence you have all rights to provide us with your personal data for processing.
If you have any reason to believe that a child under the age of 13 has provided his/her personal data to us, please contact us at help@snov.io.
We kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. You may use the following channels to address your inquiries: help@snov.io.
When we act as a joint controller with regard to particular processing of prospect data and business data, you may exercise your rights under the GDPR in respect of and against both our clients and us.
If we receive any complaint, claim or request from the data subject which shall be completed by our joint controller, we immediately notify it of such request and inform the data subject of the applied measures and further performance steps regarding serving such complaint/claim/request.
Please, note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
Your rights under the GDPR:
Supervisory Authority under GDPR:
In case of any questions regarding data protection, you can apply to the supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find the full list of EU supervisory authorities through the link.
California residents’ rights
Under the California Consumer Privacy Act (the “CCPA”) amended with the California Privacy Rights Act (the “CPRA”), California residents have certain rights regarding our collection, use, and sharing of their personal information.
We may collect various categories of personal information when you use and/or access our Platform, including personal information of clients and website visitors, related persons and third-party prospects.
In particular, depending on actual circumstances, we may collect the following categories of personal information specified in the CCPA when you use and/or access our Platform:
You can find a detailed description of the personal information that we may collect from you above in the ‘TYPE OF DATA WE COLLECT’ section of this Policy. The purposes of the collection and/or use of personal information is stated in the 'HOW WE USE YOUR DATA' section of this Policy. Note that in the ‘SHARING YOUR DATA WITH OTHER ENTITIES’ section of this Policy you can review the categories of third parties with whom we may share your personal information. The terms used within those sections of this Policy are taken from the GDPR in consideration of the definitions established in the CCPA.
If you are a California resident, to the extent provided for by the CCPA and subject to applicable exceptions, you have the following rights in relation to the personal information we have about you:
The CPRA, amended the CCPA and added new additional privacy protection rights for a California residents, as follows:
We take the protection of your privacy seriously, so in no way will we discriminate against you for exercising any of your rights granted by the CCPA, as amended.
You can exercise your rights under the CCPA, as amended by sending us an email by any other means of communication convenient for you, including those listed in the ‘CONTACT INFORMATION’ section of this Policy.
Please, note that we may need to confirm your identity to process your requests to exercise your rights under the CCPA, as amended. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
Virginia, Colorado, Connecticut residents’ rights
Under the Virginia Consumer Data Protection Act (the “VCDPA”), Colorado Privacy Act (the “CPA”), Connecticut Data Privacy Act (the “CTDPA”), residents have certain rights regarding our collection, use, and sharing of their personal information.
You can find a detailed description of the personal information that we may collect from you above in the ‘TYPE OF DATA WE COLLECT’ section of this Policy. The purposes of the collection and/or use of personal information is stated in the 'HOW WE USE YOUR DATA' section of this Policy. Note that in the ‘SHARING YOUR DATA WITH OTHER ENTITIES’ section of this Policy you can review the categories of third parties with whom we may share your personal information. The terms used within those sections of this Policy are taken from the GDPR in consideration of the definitions established in the VCDPA, CPA and CTDPA.
We may collect various categories of personal information when you use and/or access our Platform, including personal information of clients and website visitors, related persons and third-party prospects. Under the jurisdiction of applicable state laws you may possess certain rights. Subject to the laws of your particular jurisdiction, you may have the following rights:
We take the protection of your privacy seriously, so in no way will we discriminate against you for exercising any of your rights granted by the VCDPA, CPA and CTDPA.
You can exercise your rights under the VCDPA, CPA and CTDPA by sending us an email by any other means of communication convenient for you, including those listed in the ‘CONTACT INFORMATION’ section of this Policy.
Please, note that we may need to confirm your identity to process your requests to exercise your rights under the VCDPA, CPA and CTDPA. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
This section will help you understand your rights under the LGPD and the way how we ensure them. If you are a user located in Brazil, you are able to exercise the following rights with respect to your personal data that we process:
Please note! We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm the personal data relates to you. We will only use such personal data to verify your identity
You may exercise the aforementioned rights by submitting your request at help@snov.io or in any other way convenient for you.
We kindly ask you to contact us directly so that we can quickly satisfy your deletion request or you can use a dedicated tool to delete your personal data from our Platform by yourself as described below.
You may request Company to delete all of your personal data using the following options of your choice:
In any case, please let us know if you have any difficulties in deleting your personal data. We will be happy to help you.
This Policy may be changed from time to time due to the implementation of new technologies, laws’ requirements or for other purposes. If the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. Also, we encourage you to regularly review this Policy to check for any changes.
Such notification may be provided via your email address, posted in our social media accounts or announcement on the Site and/or by other means, consistent with applicable law.
If possible, we always give advance notice of upcoming changes by indicating when the new version Privacy Policy will take effect. If you continue to use our service or otherwise provide us with your personal information after the new version of the Privacy Policy goes into effect, we assume that you agree to the changes.
If you have a question related to this Privacy Policy, our processing activities, or your data subject rights under GDPR, CCPA, LGPD, and other applicable laws, you can contact our Data Protection Officer directly using the following details:
External Data Protection Officer
Privacity GmbH
Germany, Hamburg,
Neuer Wall 50, 20354
Email: snovio_dpo@snov.io.
You may also contact us directly, including by post, using the following details:
Snovio Inc. has appointed Privacity GmbH as its EU/EEA representative pursuant to Article 27 GDPR. You can contact the representative at:
Privacity GmbH
Germany, Hamburg,
Neuer Wall 50, 20354
Email: representative@privacity.de